Summary
Working at Brubo often requires the use and access of electronic devices, computers, computer networks and other information technologies., As a Brubo employee, you will have access to proprietary company data, sensitive and important information, as well as the ability to use both internal and external networks. Accordingly, this policy which serves as a critical element if regulating what can and cannot be done with, to, or on Bruno’s IT resources and infrastructure. This policy is the culmination of a comprehensive risk assessment and had been authorized for implementation by senior management.
Policy Changes
In order to maintain the most up to date policy, the IT Department and the IT Advisory Board will review this policy and IT procedures on an annual basis. At that time the policy will be amended as necessary and reissued to Brubo employees and staff. Until that updated policy is officially announced, employees are required to comply with the IT policy that they most recently signed.
Appropriate Use
The main purpose of Brubo IT resources is to fulfil our primary task which is to provide an essential service to our customers. As a result, staff and employee use of Brubo IT resources is generally restricted to official company functions. Use of Brubo IT resources for social, personal or otherwise unofficial matters is prohibited, unless prior authorization is obtained from the employee’s supervisor. In such cases, further authorization for the IT Department will also be necessary. In the case of an emergency or otherwise exceptional circumstances, employees and staff may, within reason, contact friends and family, however such contact must be accomplished on the employee’s own free time and with their own device. The IT Department has the authority to, and will track all network activity including any activity on the company network, as well as activity performed from any authorized personal devices.
With the exception of a personal smartphone or guest device, personally-owned electronic equipment is prohibited from entering onto Bruno premises or accessing any Bruno network. In the case of a personal smartphone or guest device, authorization for the device must first be obtained from IT Department before use on a company network or entering company property.
Technical Practices
In order to maintain the physical security of Brubo IT resources, all company computers or electric devices must remain on Bruno property. Employees are prohibited from moving their computers without prior authorization.
In order to maintain the confidentiality, integrity and availability of company information, the Brubo IT department has instituted a number of protocols to be carried internally or with the assistance of our main internet hosting partner IT Joe.
All files on company computers shall be encrypted
All data travelling across a company intranet shall be encrypted
All access to company computers, electronic devices and networks will require a password and login credentials. Login credentials will be assigned to each employee in order to track, if necessary, which computer or network an employee has accessed.
Backup of vital, sensitive, and proprietary information will be made to a server on company premises, as well as remotely to IT Joe’s facility in Server City, which is located approximately 50 miles from Brubo’s main campus.
Both local and remotely stored backup will be encrypted
IT Joe will encrypt all data traffic travelling between Brubo and their facilities.
In the case of a disaster or emergency, Brubo’s recovery and business continuity plan shall take affect (please see separate Disaster Recovery and Business Continuity Policy)
Incidents and Enforcement
